Publicly accessible RDS database stores sensitive data

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

A publicly accessible database containing sensitive data increases the likelihood of brute force attacks successfully granting access, which can be used by an attacker for unauthorized data access or destruction of sensitive information. Sensitive data could include personally identifiable information (PII), credentials, financial information, and network or device information. For more details on how sensitive data is detected, see the official documentation.

Remediation

  1. Modify the database instance to disable public accessibility. Review Hiding a DB instance in a VPC from the internet for more information on how to disable public accessibility.
  2. Confirm that the database instance is only accessible from trusted sources. See Controlling access with security groups for more information on how to configure security groups.